Cyber-security is a major concern for companies. Industrial Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) systems used to be completely isolated; therefore, their security could be controlled and safeguarded. Additionally, the information from these industrial systems used to be limited to monitoring and control information. As industrial systems can be used to form a plant network, these systems have evolved, and historization functionality (the storage and generation of historical data) has been added as an integral part to further support industrial operations. This historical data can be used to analyze failures and project future operational trends.
With more diverse operations, management has also become interested in the information provided by the industrial systems. Accordingly, the industrial systems have evolved to be connected to business networks. For example, connectivity demands such as access to plant data at the business network, access to business data at the plant network, plant-to-plant data exchange, etc. have arisen. With these connectivity demands, cyber-security has become a major issue as companies seek to secure their control systems.
Current mechanisms for providing secured connectivity try to propagate data from one network to another without propagating malicious code or leaving any room for hackers to access and misuse the connectivity tunnel (or “data tube”). However, challenges exist in distinguishing the required data to be passed from one network to another from possible injected threats present in this required data, which may appear on the other side of a data propagation as malware or malicious code. When malicious code is not recognized, it can be mistakenly considered as part of the required data. Subsequently, the malicious code can be reconstructed through each layer of an Open Systems Interconnection (OSI) model at a destination network (for example, data link layer (Layer 2) up to application layer (Layer 7)). As such, the malicious code can eventually propagate through the destination network and become active. Malicious actions performed by the malicious code can cause damage to the destination network and data, negatively affect destination network performance, and potentially use the destination network as a platform to duplicate and further propagate the malicious code to other networks.